At 7:55 PM +0000 3/1/03, Priscilla Oppenheimer wrote:
>Howard C. Berkowitz wrote:
>>
>> I'm really unimpressed with this article.
>
>Me too. :-) It doesn't sound like he has any detailed information.

Let's put it this way -- BGP authentication has more options than just an MD5 signature on an update, which is really more authorization than authentication. The more comprehensive route authentication mechanisms call for a chain of digital signatures at every AS on the path, allowing authentication back to the originator.

Even comprehensive authentication doesn't protect against incorrect origination. Protection there lies much more in validating routing policy, in using sanity checks like prefix limit and flap dampening, etc.

>Also,
>this sounds a little clueless: "The people who are writing the (Internet
>engineering) drafts are running out of financing because people aren't
>listening." What financing do they get??? I guess most of them are employed
>and their employers support their research, and the economic disaster that
>we're in right now could be a small factor. On the other hand, a lot of
>protocol designers are so dedicated to what they do, they would probably do
>it for free.

Funny you should mention that -- I just got off a teleconference doing what we hope is the final draft of the BGP Control Plane Convergence before RFC acceptance. Two of the four people on the call were laid off by the companies that directly supported their work (one is still going to the San Francisco IETF using her frequent flyer miles), while another's new employer really doesn't support the work.

Attendance at an IETF meeting costs around $500, which covers the facility expense (with a fair bit of sponsorship), as well as contributions toward the upkeep of the secretariat. People or their employers pay their own way.

If I were to single out one person as the top expert on BGP cryptosecurity, I'd mention Sandy Murphy, who does work for a security company. Obviously, they have a motivation for sponsoring her research.

See http://www.cymru.com/Documents/barry2.pdf for some pretty recent work on noncryptographic (mostly) BGP security from Cisco.
It updates the Cisco Press book on ISP Essentials.
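
Added example, not part of the original message: a minimal model of the per-AS signature chain described above, showing that a chain can verify back to the originator while the origination itself is still wrong, so a separate policy check is needed. Assumptions: HMAC with constructed per-AS keys stands in for real digital signatures, the AS numbers, prefix, registry and all function names are constructed for illustration, and the path is stored origin-first.

```python
import hashlib
import hmac

# Constructed per-AS keys. HMAC stands in for each AS's digital signature
# (an assumption: the standard library has no public-key signing).
AS_KEYS = {64500: b"key-64500", 64501: b"key-64501", 64666: b"key-64666"}

# Constructed registry of which AS may originate which prefix (policy data).
AUTHORIZED_ORIGIN = {"192.0.2.0/24": 64500}


def _sign(asn, prefix, path, next_as, prev_sig):
    msg = f"{prefix}|{','.join(map(str, path))}|{next_as}|".encode() + prev_sig
    return hmac.new(AS_KEYS[asn], msg, hashlib.sha256).digest()


def originate(asn, prefix, next_as):
    """Origin AS creates the first attestation, addressed to next_as."""
    return {"prefix": prefix, "path": [asn],
            "sigs": [(asn, next_as, _sign(asn, prefix, [asn], next_as, b""))]}


def propagate(update, asn, next_as):
    """Transit AS appends itself and signs over the previous signature."""
    path = update["path"] + [asn]
    sig = _sign(asn, update["prefix"], path, next_as, update["sigs"][-1][2])
    return {"prefix": update["prefix"], "path": path,
            "sigs": update["sigs"] + [(asn, next_as, sig)]}


def chain_valid(update, receiver):
    """Check every AS on the path signed its hop, back to the originator."""
    prev, sigs, path = b"", update["sigs"], update["path"]
    if len(sigs) != len(path):
        return False
    for i, (asn, next_as, sig) in enumerate(sigs):
        expected_next = path[i + 1] if i + 1 < len(path) else receiver
        if asn != path[i] or next_as != expected_next or asn not in AS_KEYS:
            return False
        good = _sign(asn, update["prefix"], path[:i + 1], next_as, prev)
        if not hmac.compare_digest(sig, good):
            return False
        prev = sig
    return True


def origin_authorized(update):
    """Separate policy check: is the first AS allowed to originate this?"""
    return AUTHORIZED_ORIGIN.get(update["prefix"]) == update["path"][0]
```

An update originated by AS 64666 for 192.0.2.0/24 passes `chain_valid` because every signature is genuine, and is rejected only by `origin_authorized`.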